Nevermind Anonymous – organizations are in danger of DOSing themselves

The problem is not caused by BYOD, Sergio Galindo, global product manager at GFI Software told Infosecurity, but “can be multiplied by BYOD.” That said, he added, “users with their own hardware are potentially capable of creating more disruption as their devices are not locked down or limited as company-issued hardware would be.”

That disruption was quantified in a GFI blog last week, using viral videos such as Gangnam Style and Harlem Shake as examples. “The first hit on YouTube [for the latter] is a 5:30 compilation video of Harlem Shakes. An average one minute of video stream from YouTube is approximately 10Mb of data. At one point, you have 25 employees who are watching it: 25users * 10MB * 5.5minutes = 1,375MB in five minutes!” Add in streaming radio over the course of the day: 25users * 10MB * 60minutes * 5 hours = 75,000MB.

“75GB! And you wonder why your Internet is somewhat slow?” The problem is caused not so much by any malicious intent from users, but through the blurring of lines – accentuated by BYOD policies – between home and work. Users tend to believe that their employer will have more bandwidth than they have at home. But “businesses typically get access to the same level of maximum available bandwidth as home users in the same area,” Galindo told Infosecurity. “Even so, if we were to take an example where a company has a bandwidth connection of 50Mb, splitting that between 50 employee users, it is worse than splitting a 10Mb residential connection between just four family members.”

The effect is similar to being DoS’d by hacktivists. “As a DoS attack floods a server with traffic until it falls over or is otherwise rendered unusable, by flooding your bandwidth with video streams you are in essence doing exactly the same thing to your own connection,” said Galindo. “By overwhelming your bandwidth with ‘useless’ traffic you are compromising user access to essential services such as access to VoIP, Salesforce.com and other critical business services.”

A few years ago this was a problem that occurred just once or twice a year – during the Wimbledon or US Open finals, or major matches at major competitions and royal weddings. Now, with the increasing consumerization of computing, it is a constant threat that needs to be tackled. The solution, suggests GFI, is in user or usage quotas, either by throttling overall traffic from specified websites, or limiting individual users access to those sites. GFI’s solution is the latter: a software-based allocation of bandwidth from specified websites to specified users. “So you can say,” explained Galindo, “that a user cannot stay on YouTube for more than 10 minutes each day. All of this leads to solving both bandwidth and productivity issues.” No more self-inflicted DoS.

What’s hot on Infosecurity Magazine?